I am new to the world of configuration management software (infrastructure as code). I currently manage a small Linux environment with 25 Linux servers and wanted to ask if there are any useful use cases to regularly deploy patches to the 25 Linux systems?
In my opinion, due to the Infrastructure as Code approach, almost every small requirement should be covered or are there any limitations?
In general, I would like to cover the following points with Ansible:
preselect patches to be installed → I as administrator decide which patches go to which systems.
divide the 25 systems into different groups to patch not all systems at once but staggered.
release patches automatically for certain clients with a scheduled interval (e.g. weekly).
check the patch status of each client. Which client is missing which patches and which are up to date.
Would these points be covered or is a configuration more suitable for other use cases?
Okay sounds great. Are there any preconfigured templates or do I have to start from scratch?
And with ansible I can manage to patch many different linux distributions like Ubuntu and SLES for SAP enterprise. Is that also correct?
And how does it look like with support questions when I use ansible in production. Is there a commercial support channel which can be accessed after buying a subscription what can I do if I would ran into a configuration problem?
In response to your first question you can use facts to query the os type then pass it to the correct task. Ansible has patch tasks for many linux distributions.
In regards to templates there are many examples in github repository. I can’t recall on the top of my head.
In response to your last question if you want support with Ansible I know that they support their commercial products. Ansible tower/automation hub. . You could explore that